11-20-2013, 02:19 AM, #1, LQ Newbie (Registered: Jul 2012, Posts: 19)
SSH connects to wrong IP when being routed
I have 3 interfaces on my Linux router:
172.16.4.0/23 (Called: eth0, GW: 172.16.4.1)
172.16.2.0/23 (Called: lan0, GW: 172.16.2.1)
192.168.10.0/24 (Called: wan0, masqs to lan0 and eth0, is an internet connection)
All hosts can ping each other correctly and routing seems to be working fine (ie, if a host is down, ping obviously fails).
Now here's where it gets weird: if I SSH from any host in 172.16.2.0 and try to connect to a host in 172.16.4.0, then my router that's routing the traffic will always reply. Likewise, if I try from 172.16.4.0 into 172.16.2.0, my router always answers.
I can SSH into any machine perfectly fine on the same network, and from the internet inwards. The router itself can SSH into any host on any network.
It only does this for SSH. VNC remote desktop, for example, will work fine between the networks.
I've checked iptables, and there seems to be no SSH rule that would cause this (it's quite long). I made doubly sure by commenting some out to see if it made any difference.
11-20-2013, 02:54 AM, #3, LQ Newbie, Original Poster (Registered: Jul 2012, Posts: 19)
I may have mis-explained what I meant with the GWs. I mean that the DHCP server (which is also running on the router) gives these IPs out as the default gateway when it assigns an IP for that subnet.
Here is my route -n:
Code:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.10.1    0.0.0.0         UG    0      0        0 wan0
172.16.2.0      0.0.0.0         255.255.254.0   U     0      0        0 lan0
172.16.4.0      0.0.0.0         255.255.254.0   U     0      0        0 eth0
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 wan0
11-20-2013, 08:54 AM, #4, LQ Newbie (Registered: Nov 2013, Posts: 16)
Since all other protocols are routed between the two networks very well, except for ssh, which your Linux box replies to on behalf of the receiving end, it is an iptables issue and it is in the nat table. I think there is a rule that performs some kind of DNAT, translating the destination address to the IP address of your router.
11-20-2013, 06:04 PM, #5, Member (Registered: Sep 2004, Location: Japan, Distribution: RHEL9.4, Posts: 735)
Sorry, a quick question: what exactly are you trying to accomplish with 2 subnets? Is it for home? 2 NICs as well? For a home setup I do believe there would be more straightforward setups not requiring all the complex NAT configurations.
But on a side note, I recommend using iproute2 for this type of setup. Other than NAT as mentioned, using iproute2 is good for making sure traffic returns on the intended interface.
A little more about iproute2:
http://lartc.org/howto/index.html
But I agree that there is something up with your NAT or somewhere else in iptables with the setup, seeing most things work as intended.
Last edited by ericson007; 11-20-2013 at 06:41 PM.
12-01-2013, 08:26 PM, #6, LQ Newbie (Registered: Dec 2013, Posts: 4)
I'm assuming this happens because you are doing all this on a single L2 device, e.g. a single switch. If you want this to work you will need to set up source-based routing as the previous reply indicates with the iproute documentation. I've only had marginal success with that when trying to implement a multipath iSCSI network using the same switch. If you can use multiple switches to actually isolate the networks, that will make your life far easier.
12-02-2013, 04:26 PM, #7, Senior Member (Registered: Jan 2012, Distribution: Slackware, Posts: 3,348)
Quote:
Originally Posted by padan
I'm assuming this happens because you are doing all this on a single L2 device -- e.g. a single switch. If you want this to work you will need to set up source based routing as the previous reply indicates with the iproute documentation. I've only had marginal success with that when trying to implement a multipath iscsi network usi
I don't see what the switch could possibly have to do with the destination IP address of a TCP packet, or where source-based routing enters the picture. He's having issues with the gateway intercepting SSH packets destined for the opposite network, which is neither a layer 2 problem nor a routing issue.
@Slyke: I believe hussam.dh is right; this has to be NAT related. The SSH daemon on the router should only reply to packets destined for a local IP address, which means that at some point the destination address of packets from these networks must have been altered.
Look for rules in the PREROUTING chain of the nat table, specifically any rules matching tcp port 22 (iptables-save -t nat | grep PREROUTING).
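A way to script the check suggested in the reply above, added here as an example and not part of the thread: it scans iptables-save nat output for PREROUTING rules that rewrite the destination of TCP port 22 traffic (DNAT or REDIRECT) without an input-interface (-i) match, since such a rule also catches traffic routed between the internal subnets. The rule set is constructed, not the original poster's; the interface-less REDIRECT in it is an assumed cause, included only to show what the check flags.

```shell
#!/bin/sh
# Constructed sample of "iptables-save -t nat" output (not the OP's real rules).
# Rule 1 (assumed cause): rewrites SSH on every interface, so LAN-to-LAN SSH is
#   sent to the router itself, which then answers instead of the real host.
# Rule 2 (corrected form): restricted to the internet-facing wan0, so only
#   inbound-from-internet SSH is forwarded and routed LAN traffic is untouched.
SAMPLE_NAT_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 22
-A PREROUTING -i wan0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 172.16.4.10:22
-A POSTROUTING -o wan0 -j MASQUERADE
COMMIT'

# Print every PREROUTING rule that matches TCP port 22, jumps to DNAT or
# REDIRECT, and carries no "-i <iface>" restriction.  Argument: the full
# iptables-save text, e.g. find_broad_ssh_dnat "$(iptables-save -t nat)".
find_broad_ssh_dnat() {
    printf '%s\n' "$1" | awk '
        /^-A PREROUTING / && /--dport 22( |$)/ &&
        /-j (DNAT|REDIRECT)/ && !/ -i / { print }
    '
}

# Number of flagged rules (0 means the nat table is clean for this check).
count_broad_ssh_dnat() {
    find_broad_ssh_dnat "$1" | awk 'END { print NR }'
}

# Stand-alone run against the constructed sample: prints the one broad rule.
find_broad_ssh_dnat "$SAMPLE_NAT_RULES"
```

Run it against the real table with `find_broad_ssh_dnat "$(iptables-save -t nat)"`; a rule it prints is the place to add `-i wan0` (or whichever interface the forward is meant for).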